The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers."

The Aussie boffin probed the protocols behind Visa and Mastercard payment cards and proved the viability of an attack by successfully using cloned versions of his credit cards to shop at supermarket chain Woolworths, and buy beer at a Sydney pub.

Fillmore (@typhoonfilsy) demonstrated how a modded Nexus 4 could steal data from Paywave and Paypass cards that could be introduced into cloned cards. He said the phone could be substituted with a larger suitcase-sized and a remote server for added ownage."

The hack detailed in Matthew Weeks' technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme."

The research by Kyle Soska and Nicolas Christin of Carnegie Mellon University used an engine which divined the future by looking at the past — more specifically, by trawling the Wayback Machine with its 391 billion stored pages for sites that had become malicious.

It determined [PDF] that of 4,916,203 current benign webpages (tied to 444,519 websites) about 3 million would become vulnerable within a year."

mask.of.sanity (1228908) writes "More than 140,000 internet-of-things devices, from routers to CCTV systems, contain zero-day vulnerabilities, backdoors, hard-coded crackable passwords and blurted private keys, according to the first large-scale analysis of firmware in embedded devices. Four researchers from EURECOM France found the flaws when conducting a simple but systematic, automated, and large-scale analysis of 32,356 firmware images running on embedded systems within thousands of different devices.

Of these, 693 had at least one vulnerability while 38 contained active (or possibly recently patched) zero day flaws."

mask.of.sanity (1228908) writes "A string of documents detailing the operations and effectiveness of the FinFisher suite of surveillance platforms appears to have been leaked. The documents, some dated 4 April this year, detail the anti-virus detection rates of the FinFisher spyware which German-based Gamma Group sold to governments and law enforcement agencies. The dump also reveals Windows 8 users should opt for the Metro version of Skype rather than the desktop client because it cannot be tapped by FinFisher."

Opera Software developer Yngve Pettersen discovered the bungle while probing for Heartbleed-vulnerable systems in the weeks after the bug was disclosed on April 7. He pinged half a million separate servers of sites rated as popular by Alexa and found hapless admins had, presumably in a panic, updated their then-unaffected-or-possibly-new boxes to the latest offering and in doing so introduced the Heartbleed bug."